Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2021-24566
cve-2021-24566
lfi attacks
woocs shortcode
wordpress plugin
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
19.3%
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the “woocs” shortcode.
Affected configurations
Node
pluginusfox_-_currency_switcher_professional_for_woocommerceRange<1.3.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pluginus | fox_-_currency_switcher_professional_for_woocommerce | * | cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
cve
cve
CVE-2021-24566
2024-01-16 16:15:09
prion
prion
Code injection
2024-01-16 16:15:00
wpvulndb
wpvulndb
patchstack
patchstack
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
19.3%
Related for NVD:CVE-2021-24566